Q

Getting your career in infrastructure security started

Security management expert Mike Rothman offers advice on how to move up or get involved in the infrastructure security job market.

I have six years of IT experience working with Microsoft servers. I am very interested in IT infrastructure security. Where should I start? I am a MCSA.
The foundation of knowledge that you have on Microsoft servers will be somewhat helpful as you start moving toward a security role. You do need a broader background in areas like network operations and desktop support. So you'll need to bone up on your networking skills and learn about defenses such as firewalls, VPNs and network intrusion prevention systems (NIPS).

You may already know a bit about these product categories via your work in the data center, but understanding the

network attack vectors and, most importantly, the way to isolate and remediate exposures and attacks, is a bit different. There are really two ways to get this kind of understanding.

First, you can learn in the school of hard knocks. That means you basically ask for a transfer to your company's security team and start at the bottom. You'll likely be configuring firewalls and NIPS boxes, troubleshooting VPN issues, and maybe even looking over some log data to try to spot an attack and defend against it.

The other way is to go take some training courses. I suggest reading a lot (some of SearchSecurity.com's Security Schools can certainly help provide an understanding of the vernacular) and also look into formal training, like that offered by organizations such as SANS and Security University. These courses offer a good base in introductory topics, which will start your journey with the right foundation.

I also suggest specializing fairly early in your education. A base of knowledge is essential, but then focusing on something like data center or server security could be a good choice, given your background already. There are hot topics like virtualization security that will require specialized knowledge in the future, and you are well-positioned to serve that need.

Other areas of potential specialization could include SOA security or Web application security, depending on what those Microsoft servers you were managing are actually doing.

For more information:

  • Learn best practices for landing a role in the security management field.
  • In this tip, security practitioners reveal what you should know when pursuing an information security career.
  • This was first published in December 2007

    Dig deeper on Information Security Jobs and Training

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close